

MACDefender is the latest piece of malware to pop up targeting Apple's OS X platform. Its risk is minimal as it can only install via a combination of an exploit and user carelessness.  (Source: Intego)
Cybercriminal community's interest in attacking Apple users is growing, but still lacks discipline

According to a handful of dedicated hackers of Apple, Inc.'s (AAPL) computer operating system, OS X, the OS is actually less secure than Microsoft Corp.'s (MSFT) Windows.  But thanks to the OS's small market share (traditionally 5 percent or less) most cybercriminals haven't felt it worthwhile to target the platform.  Also, some hackers have misgivings about attacking Unix-like operating systems (e.g. Linux, OS X).

Still, Apple's growing market share and boastful claims of security have led to an increased interest in attacks, and some OS X malware has been popping up of late.

The latest malware to target OS X is dubbed "MACDefender".  Attack pages for the new malware exploit the way Apple's default Safari browser handles JavaScript, running a script that auto-initiates the download of a script file.  If the user has opted to open "safe" files, the archive will then auto-open and initiate an install dialogue.

The risk is minimal as users must approve of this dialogue and enter an administrative password to complete the installation.  Still it may be a bit more widespread as the attack pages have boosted themselves to near the top of many search results, thanks to search engine optimization (SEO) poisoning.

It is unclear what the software does when active, though it appears to be logging user activities.  Users who accidentally installed the software can still delete it by killing its process and dragging it from the Applications folder to the Trash bin.
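The conditions described above can be checked from a terminal. The script below is an added example, not code from the article or from Intego: it reports whether Safari's "Open 'safe' files after downloading" option is on, whether a bundle with the rogue application's name sits in an Applications folder, and whether any process is running from inside that bundle. It assumes the Safari preference key `AutoOpenSafeDownloads`, the bundle name `MacDefender.app` from the vendor statement quoted later on this page, and the standard `Contents/MacOS/` bundle layout; the `--audit` switch is this example's own.

```shell
#!/bin/sh
# Added example: audit a Mac for the conditions the article describes.
# Assumptions: bundle name as given in the vendor statement on this page;
# Safari stores the option under the AutoOpenSafeDownloads preference key.

ROGUE_APP="MacDefender.app"
SAFARI_DOMAIN="com.apple.Safari"
SAFARI_KEY="AutoOpenSafeDownloads"

# Map the raw value printed by `defaults read` to a state name.
classify_auto_open() {
    case "$1" in
        0|false|NO) echo "disabled" ;;
        1|true|YES) echo "enabled" ;;
        "")         echo "unset" ;;   # key never written: check Safari's preferences
        *)          echo "unknown" ;;
    esac
}

# Print the stored preference; prints nothing if the key or the tool is absent.
read_auto_open() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read "$SAFARI_DOMAIN" "$SAFARI_KEY" 2>/dev/null || true
    fi
}

# Print each copy of the rogue bundle found directly inside the given
# directories. Returns 0 if at least one copy exists, 1 otherwise.
find_rogue_app() {
    found=1
    for dir in "$@"; do
        if [ -d "$dir/$ROGUE_APP" ]; then
            printf '%s\n' "$dir/$ROGUE_APP"
            found=0
        fi
    done
    return "$found"
}

# Reduce a `ps -axo pid=,command=` listing on stdin to the PIDs whose
# executable path lies inside the rogue bundle.
filter_rogue_pids() {
    awk -v pat="/$ROGUE_APP/Contents/MacOS/" 'index($0, pat) { print $1 }'
}

# Snapshot the process table first so the filter never sees itself.
rogue_pids() {
    listing=$(ps -axo pid=,command= 2>/dev/null) || return 0
    printf '%s\n' "$listing" | filter_rogue_pids
}

audit() {
    status=0
    state=$(classify_auto_open "$(read_auto_open)")
    echo "Safari auto-open of \"safe\" downloads: $state"
    if [ "$state" != "disabled" ]; then
        echo "  to turn off: defaults write $SAFARI_DOMAIN $SAFARI_KEY -bool false"
        status=1
    fi
    if apps=$(find_rogue_app /Applications "$HOME/Applications"); then
        echo "Rogue bundle present:"
        echo "$apps"
        status=1
    fi
    pids=$(rogue_pids)
    if [ -n "$pids" ]; then
        echo "Processes running from the bundle (quit these before deleting it): $pids"
        status=1
    fi
    return "$status"
}

if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

Run the script with `--audit`; a non-zero exit status means at least one of the three checks produced a finding.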

Members of the Apple Support community first noted the malware last Saturday.  

On Monday, security firm Intego released an advisory, calling the risk of the malware "low".  Intego writes:

"When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open."

The malware unfortunately shares its name with a legitimate OS X software firm.  MacDefender is a small software firm that makes geocaching software, including GCStatistic and DTmatrix.  The company has released a statement emphatically saying that it is not affiliated with the rogue software.

The company writes:

IMPORTANT NOTE: As it seams (sic) someone wrote a virus/malware application named mac defender (MacDefender.app) for OS X. If you see an application named like this DO NOT DOWNLOAD/INSTALL it. I would never release an application named like this.

In recent months botnet-forming worms and trojans have targeted OS X.  Most of these pieces of malware have been amateurish efforts, though, or works in progress.  Nonetheless it remains a very real possibility that Apple could one day see a serious attack.

For its part Apple has suggested users get an antivirus program, though it still claims in advertisements that its platform does not suffer from malware like Windows.  Apple has refused to provide customers with free antimalware software like Microsoft does, so security firm Sophos Plc. has picked up the ball offering free basic protection to Mac users.  Some other smaller firms also offer free Mac antimalware suites.



Comments

I'm not saying..
By bobcpg on 5/2/2011 12:33:59 PM , Rating: 3
quote:
Its risk is minimal as it can only install via a combination of an exploit and user carelessness.


We know exploits exist in Mac world and as far as carelessness, well they do own a mac.




RE: I'm not saying..
By Tony Swash on 5/2/11, Rating: -1
RE: I'm not saying..
By themaster08 on 5/2/2011 1:30:37 PM , Rating: 5
quote:
We know 99.99% of all malware is on the Windows platform :)
We know 95% of users are on the Windows platform :)


RE: I'm not saying..
By amanojaku on 5/2/2011 2:30:17 PM , Rating: 2
Along with 99.99% of the world's software and software revenue. STFU.

- A Windows User who has never had a virus, trojan or exploit in over 20 years


RE: I'm not saying..
By Tony Swash on 5/2/11, Rating: -1
RE: I'm not saying..
By themaster08 on 5/2/2011 3:31:22 PM , Rating: 2
quote:
if your experience of Windows was more common then perhaps Windows wouldn't get 99.99% of all malware. But it does :)
If OS X was more common then perhaps Windows wouldn't get 99.9% of all malware.


RE: I'm not saying..
By Tony Swash on 5/2/11, Rating: -1
RE: I'm not saying..
By Pirks on 5/2/2011 4:02:22 PM , Rating: 2
quote:
Connect the dots
No one from the Mac heads here including yourself was ever able to explain what is this magic that is not in Windows and that keeps malware off Macs. Is there anything besides "magic dust" or "magic Jobs pee" or "magic Unix architecture" or any other market speak sh1t that we tech heads could latch onto? Anything at all? BESIDES THE MARKET SPEAK? EH?


RE: I'm not saying..
By amanojaku on 5/2/2011 4:08:51 PM , Rating: 2
Malware authors aren't buying Macs. You need a Mac to write Mac malware.


RE: I'm not saying..
By Pirks on 5/2/2011 4:07:58 PM , Rating: 2
quote:
MacOSX has 10% of the OS market and yet it doesn't have 10% of infections
These two numbers are not DIRECTLY connected to each other and it's WRONG to suggest that they MUST EXACTLY MATCH as you are trying to do here. It's sad you can't see such obvious things.


RE: I'm not saying..
By chick0n on 5/2/11, Rating: -1
RE: I'm not saying..
By themaster08 on 5/2/2011 4:21:41 PM , Rating: 2
quote:
It's pathetic really. I have posted the figure of 99.99% of all malware being on Windows a number of occasions and no Windows defenders ever denies it
Because there's nothing to deny. Windows does get 99.99% of infections. So what? Nobody understands your point. Do you even have a point?

quote:
MacOSX has 10% of the OS market (more like 20% in the consumer space in the States and Europe) and yet it doesn't have 10% of infections.
C'mon, Tony, you know that logic has absolutely no resemblance to reality. iPhone has 20% of the smartphone market. Does that mean they get 20% of all smartphone profits?

Stop your inflated numbers, Tony. OS X has 5% of the global operating system market:
http://marketshare.hitslink.com/os-market-share.as...

quote:
all other platforms including phones and devices all run on a variant of Unix, for good reasons
Sure, like Android, with its increasing malware numbers? Now where are all of those viruses for Windows Phone 7?


RE: I'm not saying..
By SkullOne on 5/2/2011 4:39:12 PM , Rating: 1
Boy all those Vista ads saying Mac is virus free are pretty stupid looking now.

It was only a matter of time until OS X malware started picking up steam. As more and more people foolishly buy crApple crap "because it doesn't get a virus" and don't secure it (like any OS needs to be) this will become a far more common occurrence.

There's a reason why Macs fall quickly at PWN2OWN and other hacker events. It is a very insecure OS that just hasn't been exploited yet due to the limited number of machines out there. Hackers just don't want to bother with it right now. Although that is changing.

Security through obscurity is NOT a security model.


RE: I'm not saying..
By Tony Swash on 5/2/2011 5:46:26 PM , Rating: 2
quote:
Security through obscurity is NOT a security model.


quote:
And here I sit so patiently
Waiting to find out what price
You have to pay to get out of
Going through all these things twice
Bob Dylan


How many times are we going to have to endure the same old bullshit?

On the one hand there are hundreds of millions of computers that don't run Windows, computers that amongst other things manage the world's money and handle vast amounts of sensitive and potentially very valuable data, including computers accessed by tens of millions of ordinary users, computers that are sharing data across networks and via the internet, and yet almost none, a vanishingly small number suffer from malware of any kind.

On the other hand you have the various incarnations of Windows also running on hundreds of millions of computers and here the picture is very different, here there are tens of millions of computers infected by malware, with thousands of new infections every day.

The really embarrassing thing is not that Windows gets all that malware, that's just the result of piss poor design decisions going back decades, what's really shameful is the way that some Windows fans choose to deal with this reality. They deny it. It's not Microsoft or Windows faults, it's everybody's problem, or if it's not everybody's problem then it's some sort of perverse reflection of Windows strength.

And so we get this sort of article and comment thread where every silly vaporous and self serving non-story about non-existent Mac malware that is in reality infecting no one and threatening and damaging no one is puffed up in a desperate attempt to take the heat off of Windows. Don't you guys have any shame?

In reality for all the technical complexity involved the basic facts can be succinctly expressed. Unix was designed from the ground up to be a multi-user secure OS from its inception. It was then refined over many years as it was deployed to extremely sensitive functions. This makes all Unix based OSs, such as MacOSX and its variant iOS very secure. On the other hand Windows was designed as an insecure single user OS and various aspects of the way it interacted with the internet and networking was bolted on in a blind panic back when the threat from Netscape loomed. The result was a stunningly insecure system. Since then Windows has evolved and its security has been incrementally improved but trapped by the need to retain backward compatibility no complete rewrite of the entire OS (as occurred at Apple with MacOSX) has ever been undertaken. But this process of incremental patching can never shut all the holes, hence the fact that zero-day attacks, such as those exploited by the astonishing Stuxnet worm, are still happening.

This is worth a read

http://rixstep.com/2/20100214,00.shtml

Now on an entirely different subject - could I take this opportunity as a Brit to congratulate all Americans everywhere on the killing of Osama Bin Laden. Well done. It took a while but you got the fucker in the end. I shall drink a beer tonight to celebrate.


RE: I'm not saying..
By Pirks on 5/2/2011 6:23:51 PM , Rating: 2
quote:
Windows was designed as an insecure single user OS
From http://en.wikipedia.org/wiki/Windows_nt

"powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix"

Oops, Wikipedia says you are lying. Shall you try and defend yourself, Tony?


RE: I'm not saying..
By Tony Swash on 5/2/11, Rating: 0
RE: I'm not saying..
By Pirks on 5/3/11, Rating: 0
RE: I'm not saying..
By Tony Swash on 5/3/2011 10:50:42 AM , Rating: 2
quote:
Because you Mac user keep lying. Try to read Wikipedia and stick to facts about Windows NT being multiuser from the start, see if my treatment of you Mac user changes.

Besides, Mac OS X can get infected exactly the same way if Mac user agrees to download some "web codec" just like stupid Windows users do. But you are not worried about the facts at all, are you, Tony?


Of course multi-user functionality was added to Windows - as I said Windows has improved its security incrementally. But it's also still true that the OS has never been re-written from the bottom up and all the old crud has never been thrown out. If you want some background on how compromised many of the design decisions were have a look at "Barbarians led by Bill Gates" by Marlin Eller one of the long term lead developers on Windows. The proof of the pudding is in the eating and the fact that major zero day holes are being found in Windows all the time is an indicator of just how piss poor the architecture is.

I know you guys love to trot out the old 'security through obscurity' drivel whilst never explaining how exactly Apple, of all companies, is obscure. I am sure it reassures you in some way. But it's tosh and deep inside you know it. Malware is essentially a Windows problem. Stop using Windows and it goes away. Stop using Windows and you can dispense with anti-virus software. Stop using Windows and you can stop worrying all the time about malicious attacks. It's one of the many reasons so many people are switching to Macs.


RE: I'm not saying..
By Pirks on 5/3/2011 11:57:46 AM , Rating: 2
quote:
multi-user functionality was added to Windows
Another lie. Windows NT was designed to be multiuser from the beginning, it was not added to it later. Poor knowledge of OS history makes you look bad, Tony.
quote:
its also still true that the OS has never been re-written from the bottom up and all the old crud has never been thrown out
Yet another lie. Windows NT was this exact rewrite from scratch. If you have no idea about those basic history facts - doesn't mean they didn't happen.
quote:
The proof of the pudding is in the eating and the fact that major zero day holes are being found in Windows all the time is an indicator of just how piss poor the architecture is
Major zero day holes are being found in OS X on those PWN2OWN security conferences all the time, it is an indicator of just how piss poor the OS X architecture is.
quote:
Stop using Windows and you can dispense with anti-virus software.
Problem is we will have to dispense NOT _JUST_ WITH THE ANTI VIRUS SOFTWARE in this case, but with all the other Windows software too. How hard is it for you to understand this very basic fact, Tony?


RE: I'm not saying..
By Azethoth on 5/3/2011 4:11:53 PM , Rating: 2
"But its also still true that the OS has never been re-written from the bottom up"
Wrong. Windows NT is a written from scratch OS. Windows was layered on top of it as of Windows XP in 2001.

I followed your Osama link and it's all about some guy running XP and OMG getting his 10 year old OS infected. So yeah, XP is vulnerable, but the secure version of Windows is Vista and 7. Those are the ones they released after they got serious about security.

If you can show me rampant vulnerabilities in Windows 7 then I will beat my chest as well. However, the vulnerabilities of the old versions are neither controversial nor relevant here. Windows XP is not even available for sale anymore. MS dumped it back in 2008 and even OEMs can no longer sell it as of last year.

Your points about real world infections are all valid and will probably remain so. I am also hopeful that the closed nature of iOS + app store keeps my iPad and iPhone malware free as well.

As for personal anecdotal experience: Mac+ = 1 virus back in the early 90's. PCs: none. However I am a programmer and do not just click on anything that moves unless it's in an FPS.


RE: I'm not saying..
By SkullOne on 5/2/2011 9:51:40 PM , Rating: 2
How is this non-existent malware? It's in the wild and it is infecting computers because users (of both Windows and OSX) are stupid. The number of people doesn't matter. What matters is that it is indeed infecting users.

Plus you did nothing to prove me wrong. Security through obscurity is NOT a security model. All you did was rant against Windows security. You didn't do anything to prove to anybody that OSX isn't a completely insecure piece of crap. That's why it's constantly hacked FIRST at every major hacker convention. Its ASLR has been proven multiple times to be completely inferior to anything Windows uses. Apple's branch of Webkit used in Safari is crap especially compared to Google's version in Chrome. The reason Apple falls first at conventions like PWN2OWN is because it's the easiest to hack.

http://www.dailytech.com/article.aspx?newsid=21097

Honestly, Tony you need to step back and take a deep breath. Smell the crap you're shoveling. Then again it's probably Jobs' crap with a gold coating and called iCrap that you bought a ton of.


RE: I'm not saying..
By Tony Swash on 5/3/2011 5:06:55 AM , Rating: 1
You guys kill me.

To sum up the position of many commentators around here:

In the real world 99.99% of actual and successful malware attacks happen to Windows PCs

This is not a symptom of any weakness in Windows but rather is a symptom of how successful Windows is.

In the real world actual and successful malware attacks on Macs are virtually unknown, and if there are any at all the number is vanishingly small.

The correct conclusion to draw from this is that MacOSX is as insecure as Windows, in fact it is more insecure.

Having lots of malware is a symptom of how good Windows is and having no malware is a symptom of how bad MacOSX is.

Only stupid people buy the OS with the least malware. Clever people buy the OS with the most malware.

Mac sales are growing very, very strongly because it is the worst OS and Windows sales are declining because it is the best OS.

___________________________

After note: I am off to the most remote part of the Scottish Highlands for the next month and not sure how often I can connect so you guys may have to survive without me for a while - can you cope? :)

After, after note: Love this photo

http ://www.flickr.com/photos/whitehouse/5680724572/
(space added in URL to circumvent The stupid Daily Tech spam detector)

Congratulations again on a job well done.


RE: I'm not saying..
By PaterPelligrino on 5/3/2011 6:13:33 AM , Rating: 3
quote:
To sum up the position of many commentators around here: In the real world 99.99% of actual and successful malware attacks happen to Windows PCs This is not a symptom of any weakness in Windows but rather is a symptom of how successful Windows is.


Isn't that common sense? Windows receives the vast majority of malware attacks because of its vastly superior market share. Windows is where the money is.

Armed robbers target banks and armored cars instead of information booths, not because the former is less secure than the latter, but because there's no profit in attacking info booths.

I repeat: Hackers are in it for the money, and the money is in the OS that has a market share that dwarfs the competition. As Willie Sutton said, he robs banks because that's where the money is. Which explains why Macs don't get a percentage of malware infections proportional to their market share. Very few in-it-for-the-money hackers are going to target an OS that is only run on one out of every 15(?) computers, no matter how easy it is to hack Apple stuff.

Malware attacks succeed because a certain percentage of the users of any OS are going to be dumb enough to click on or download something they shouldn't. And ten percent of Windows users is a hell of a lot more people than 10% of Apple users, so if you made your living by infecting computers, which OS would you target?

Anything else I can help you out with?


RE: I'm not saying..
By Tony Swash on 5/3/11, Rating: 0
RE: I'm not saying..
By PaterPelligrino on 5/3/2011 7:02:03 AM , Rating: 3
Tony, have you ever made a post to this forum that wasn't a defense of Apple/attack on Msft? Do you even have a life that doesn't somehow revolve around Apple? I hope you're getting paid for all this Apple agitprop, because if you do this for free, if proselytizing for the Apple brand is your purpose in life, that's kinda pathetic don't you think? It's just a computer ffs.

If computer use were a religion, I'd think of Windows users as agnostics/atheists and Apple fanboys as Evangelical Christians. Those guys sleeping in line for two days to get the latest iteration of the iPhone remind me of pilgrims to Lourdes.

Umberto Eco had a different take on the distinction between the two. Eco once wrote an essay arguing that the Apple Mac was a Catholic device, while the Windows PC was a Protestant one. His reasoning was that, like the Roman church, Apple offered a guaranteed route to salvation – the Apple Way – provided one never doubted or wandered from the path. PC users, on the other hand, had to take personal responsibility for working out their own routes to heaven.


RE: I'm not saying..
By eskimospy on 5/2/2011 5:07:54 PM , Rating: 2
Well that's a shockingly stupid argument. Why on earth would the percentage of malware on a platform exhibit a 1:1 correlation with market share?

God, you can't even troll right anymore.


RE: I'm not saying..
By amanojaku on 5/2/2011 3:51:45 PM , Rating: 2
Exactly. I was replying to his exaggeration with my own. People confuse the number of Windows exploits, which is actually pretty low, with the number of infected machines, which is high. "99.99%" of the world's malware would be for the Mac if the Mac had Windows' market share. Or Linux. Or whatever the hell there is (iOS and Android, watch out!) Because "99.99%" of the world is lazy or incapable of securing an OS.


RE: I'm not saying..
By PaterPelligrino on 5/2/2011 9:11:48 PM , Rating: 3
We've had no end of articles about how easy it is to hack the Mac OS. Who was the famous hacker who compared the Mac to a house in the country with all of the doors and windows unlocked, whereas Windows was like a house in a real bad neighborhood with steel doors and bars in the windows?

Cliche or not, hackers are in it for the money, and the money is in the OS that has a market share that dwarfs the competition. As Willie Sutton said, he robs banks because that's where the money is. Which explains why Macs don't get a percentage of malware infections proportional to their market share. Very few in-it-for-the-money hackers are going to target an OS that's only run on one out of every 15(?) computers, no matter how easy it is to hack Apple stuff.

So yah, maybe you're right. If you're not computer savvy, the Mac is probably the OS for you. Certainly, I always recommend the Mac to those who aren't comfortable around computer tech.

However, if you aren't an idiot - the kind who clicks on all the junk mail in his In Box - then your PC isn't going to be paralyzed with malware as those bullsh't Mac ads would have everyone believe. Just because some guy confuses his gas and brake pedals and drives his car into a wall doesn't mean I shouldn't buy a Toyota.

I haven't had any type of malware problem on my Windows system in the last 6 years - nothing. I can't remember the last time my computer crashed or froze. This in spite of the fact that I visit the odd dodgy site and simultaneously run dozens of bickering, non-Msft apps.

You guys want to splash out on pretty products and hang in coffee shops doing cool things with each other - fine. You want to make a fashion statement and accessorize with suede covers and cases for your Apple kit - I think that's really lovely. But don't try to justify your existence by lying about those of us who don't share your adolescent brand fixation. No PC user who knows anything about computers recognizes himself in the stereotypes you pass around as accepted wisdom.

We're not martyrs. If the PC really was that bad, and Apple that much better, all the techies on this site would be fanboys. I certainly don't have any affection for Microsoft that would keep me buying their stuff if my computer was always crashing or getting infected with hacker sh't. I stay with the PC precisely because it does everything I ask of it, and doesn't cause me any problems. Therefore, I have no reason to move to Apple. Worshiping at the Church of Steve carries too high a price - both literally and figuratively - to tempt me.


RE: I'm not saying..
By boogle on 5/2/2011 3:33:28 PM , Rating: 1
quote:
- A Windows User who has never had a virus, trojan or exploit in over 20 years


And I bet you don't run any AV either because you don't 'need' it?

- A Windows user who knows that the best malicious software is invisible to the user


RE: I'm not saying..
By noirsoft on 5/2/2011 7:50:42 PM , Rating: 2
quote:
We know 99.99% of all malware is on the Windows platform :)


99.99% of all terrorist bombings in the US have been large, multi-story publicly accessible buildings. By your logic, my house's construction is inherently more bomb-proof than that of a skyscraper.


Copyright 2014 DailyTech LLC.